Wednesday, May 16, 2007

Security incidents can wreak catastrophic results on organizations. Such incidents may involve hacking, malware outbreaks, economic espionage, intellectual property theft or loss, network access abuse, theft of IT resources, or many other issues. Recent regulatory mandates directly affect how organizations should deal with such occurrences.

The well-known security maxim, "prevention-detection-response," covers three components, all crucially important for an organization’s security posture. "Prevention" seems favored by many as the primary component with "detection" following close behind. However, "response" has a unique characteristic lacking in the other two components: it is impossible to avoid. While it is not uncommon for an organization to have weak prevention and nearly non-existent detection capabilities, response will always be present, since organizations are forced into response mode by attackers.

Tuesday, May 15, 2007

In the case of U.S. v. Duronio, the bomb was the standard Unix remove command hidden amongst other legitimate commands. The payload was triggered in such a way that it would delete all of the files on the important stock trading servers on the morning of March 4, 2002, which in turn would render them useless to UBS-PW employees and stock traders.

Sunday, May 6, 2007

"A wireless network that employed less protection than many people use on their home systems appears to be the weak link that led TJX Companies, the US-based retailing empire, to preside over the world's biggest known theft of credit-card numbers.

Despite a market capitalization of almost $13bn, it appears the company couldn't afford to secure its Wi-Fi network with anything more robust than the woefully inadequate Wired Equivalent Privacy protocol.

According to a front-page article in today's Wall Street Journal, the nonfeasance allowed hackers to use a simple telescope-shaped antenna and a laptop to intercept data flowing through a Wi-Fi network used at a Marshalls discount clothing store near St. Paul, Minnesota."

Friday, May 4, 2007

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping + ARP cache poisoning, VOIP decoding on a WEP-encrypted channel, ...), etc.

Wednesday, May 2, 2007

The lab is unique for its flexibility to be used for both high-volume electronic data discovery -- including data processing, culling with search terms, de-duplication and file conversion -- and complex digital forensics activities. The facility is secured with biometric locks and the evidence storage "vault" is also secured with advanced motion detectors.

Because of an expanding caseload, we needed to integrate a variety of media -- including paper and electronic files -- into a centralized management system. Each person on the case also required up-to-date information on case schedules, correspondence completed or needed, and